How to disable Restricted Area window?

February 20, 2014 45.3k views
igorkraev
By:
igorkraev
I installed WordPress following the article "One-click WordPress installation on Ubuntu 13.10". After that, I login in to Restricted Area window with username and password, which are located in /root/WORDPRESS (wp-admin/ folder is protected by Apache's .htaccess.) But now, when I visit my site this message is showing every time. On every page. How to disable it? Thanks.
2 comments
  • samsbroz May 4, 2015
    Report

    Thanks alot
    It is working fine for my website
    LetusQuiz.com

  • jmnativ August 15, 2015
    Report

    Can anyone please translate this to something an average user could understand? I’m sorry but I do not have a background in CS and I just can’t understand what you guys are talking about. :(

    I installed a new plugin on wordpress (hosted in DigitalOcean using one-click) and I don’t really have a problem with the additional server password. But after I installed this plugin called floating social bar, the password prompt appears on every page. I’ve been told I could just add the admin ajax php on whitelist? But I really don’t understand. I tried installing putty but I feel like a monkey on a rocketship.

    Can someone please help. Thank you!

Sign In to Comment
17 Answers
asb MOD August 11, 2014

From the main tutorial, One-Click Install WordPress on Ubuntu 14.04 with DigitalOcean:

To remove the additional password prompt, you’ll need to log into your VPS instance through SSH.... Once logged in, you need to update the main Apache configuration file. Open it as root with your text editor:

nano /etc/apache2/apache2.conf

Inside, you need to find the section that deals with the “/wp-admin/” section. It should look like this

<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Please login to your droplet via SSH for login details."
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</DirectoryMatch>

This entire section can be commented out by placing the “#” character before each line, like this:

#<DirectoryMatch ^.*/wp-admin/>
#    AuthType Basic
#    AuthName "Please login to your droplet via SSH for login details."
#    AuthUserFile /etc/apache2/.htpasswd
#    Require valid-user
#<DirectoryMatch>

Once this is complete, you can restart Apache for your new changes to take affect.

service apache2 restart

This should remove the additional password prompt from the administrative areas, which is usually okay since WordPress itself can handle authentication.

Report
  • CTala February 5, 2015

    It seems that none of us read the tutorials :P.

    Thanks !

    Report
  • gilsoninacio May 4, 2015

    I only want to leave** restricted-area** when trying to log in meusite.com/wp-login.php, can anyone help? before I was only there, but then was requesting to access any part of the blog. Thank you.

    Report
  • kamaln7 MOD May 4, 2015

    @gilsoninacio: To limit the HTTP authentication to /wp-login.php only, use the following configuration instead:

    <DirectoryMatch /var/www>
    <Files wp-login.php>
        AuthType Basic
        AuthName "Restricted Area"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Files>
</DirectoryMatch>

    Make sure you replace /var/www with the correct path to your Wordpress installation.

    Report
  • mws530 June 30, 2015

    Perfect! Exactly what I needed thank you.

    Report
annak February 21, 2014
Yes, wish I knew this too. In addition How to change user and pass. would be helpful too.

There is no .htaccess in /wp-admin/ either. I spent a half-hour looking around with an ftp client. Found just about everything else!!

I emailed Tech support and received the standard "we don't handle....' response. Clearly they kindly and graciously did handle the WP/Ubuntu13 install!

Anyways, hope someone responds soon. Thank you.
Report
kamaln7 MOD February 23, 2014
I think it's in /etc/apache2/apache2.conf
Report
annak March 9, 2014
What if we have users needing to login - to post e.g.?

What was the idea to circumvent them having to bypass the folder security?
Report
annak March 10, 2014
What happens if I delete /etc/apache2/apache2.conf? Does the DO WP/Ubuntu install then become a 'standard' Apache/WP install?

Or, what lines do I need to comment out for a 'standard' wproot\.htaccess to run the show?

All I want is for my WP/Ubuntu site to take directives from the /wp root/.htaccess. I am wasting so much time with DO's http auth..

Report
boiteanuages March 23, 2014
hello
I have the same problem ! login window displays on any page, every times for unloved users…
is someone found an issue about this ?
Report
n.muenzner March 24, 2014
Kamal, what do we have to change in apache2.conf?
Report
kamaln7 MOD March 24, 2014
@n.muenzner: Can you pastebin apache2.conf's contents? I haven't actually spun up a Wordpress droplet after the image was updated but it should be something like this: 
<Location -

AuthType Basic

...

</Location>


Comment out the whole block by adding "#" to the beginning of each line and then restart Apache. Does that work?
Report
fabvon March 28, 2014
I think that we have to remove this code from the file:


AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user



I did it via WINSCP (sftp) and I had to reboot the droplet (sudo reboot).

I was so happy it worked, because I know nothing about Linux and stuff.
Report
michael668861 May 18, 2014
1. sudo nano /etc/apache2/apache2.conf
2. Hit ctrl-w and search for 'wp-admin'
3. Remove these lines

AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

4. Hit ctrl-o to write the changes to the file
5. Hit ctrl-x to exit, and then hit 'y' to save the changes.
6. service apache2 restart to restart your server and the folder should now be accessible.
Report
logan1 June 2, 2014
I've changed apache2.conf as above, however all of the pages except wp-admin load as a blank page, until I login. after logging in, they load normally. anyone seen this?
Report
support692277 June 14, 2014
Here are some steps from D.O. to help resolve the issue. https://www.digitalocean.com/community/tutorials/one-click-install-wordpress-on-ubuntu-13-10-with-digitalocean
Report
basd June 16, 2014
If you wish to change the password required for the /wp-admin/ directory, type the following while being logged in as root: 
htpasswd /etc/apache2/.htpasswd admin
It will ask you to enter a new password, which will be the password for /wp-admin/
Report
rc766081 August 11, 2014

my first time here and i run into this nonsense as well. Bitnami does the same crap, thinking they are writing good tutorials/guides but its more confusing than Aamazon’s AWS documentation and does not help new comers get into the “cloud”, I guess thats why they say “built for developers” and thats why RackSpace is growing so well.

This is discovered and has to troubleshoot for a few hours before deleting or at least a day before getting the answer from somewhere else on the net. So multiply that by countless users and they are getting income at the expense of their customers loss and frustration.

PLEASE improve your documentation !!!

Report
jmmountz March 17, 2015

Trying to restart apache failed with the following error:

Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

I needed to add a line into that same file - /etc/apache2/apache2.conf saying

ServerName localhost

After adding this line, apache restarted successfully.

Report
gilsoninacio May 4, 2015

Very thanks @kamaln7 , its works now.

Report
alexandredesa May 23, 2015

I don’t know if you guys changed it before but I also had to change permission from wp-admin folder and wp-login.php file.

Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!